---
title: Field-level Access Control
label: Fields
order: 40
desc: Field-level Access Control is specified within a field's config, and allows you to define which users can create, read or update Fields.
keywords: fields, access control, permissions, documentation, Content Management System, cms, headless, javascript, node, react, nextjs
---

Field Access Control is [Access Control](../access-control/overview) used to restrict access to specific [Fields](../fields/overview) within a Document.

To add Access Control to a Field, use the `access` property in your [Field Config](../fields/overview):

```ts
import type { Field } from 'payload';

export const FieldWithAccessControl: Field = {
  // ...
  access: { // highlight-line
    // ...
  },
}
```

<Banner type="warning">
  **Note:**
  Field Access Controls does not support returning [Query](../queries/overview) constraints like [Collection Access Control](./collections) does.
</Banner>

## Config Options

Access Control is specific to the operation of the request.

To add Access Control to a Field, use the `access` property in the [Field Config](../fields/overview):

```ts
import type { CollectionConfig } from 'payload';

export const Posts: CollectionConfig = {
  slug: 'posts',
  fields: [
    {
      name: 'title',
      type: 'text',
      // highlight-start
      access: {
        create: ({ req: { user } }) => { ... },
        read: ({ req: { user } }) => { ... },
        update: ({ req: { user } }) => { ... },
      },
      // highlight-end
    };
  ],
};
```

The following options are available:

| Function                | Purpose                                                                          |
| ----------------------- | -------------------------------------------------------------------------------- |
| **`create`** | Allows or denies the ability to set a field's value when creating a new document. [More details](#create). |
| **`read`**     | Allows or denies the ability to read a field's value. [More details](#read).       |
| **`update`** | Allows or denies the ability to update a field's value [More details](#update).    |

### Create

Returns a boolean which allows or denies the ability to set a field's value when creating a new document. If `false` is returned, any passed values will be discarded.

**Available argument properties:**

| Option            | Description                                                                |
| ----------------- | -------------------------------------------------------------------------- |
| **`req`**         | The [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) object containing the currently authenticated `user` |
| **`data`**        | The full data passed to create the document.                               |
| **`siblingData`** | Immediately adjacent field data passed to create the document.             |

### Read

Returns a boolean which allows or denies the ability to read a field's value. If `false`, the entire property is omitted from the resulting document.

**Available argument properties:**

| Option            | Description                                                                |
| ----------------- | -------------------------------------------------------------------------- |
| **`req`**         | The [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) object containing the currently authenticated `user` |
| **`id`**          | `id` of the document being read                                            |
| **`doc`**         | The full document data.                                                    |
| **`siblingData`** | Immediately adjacent field data of the document being read.                |

### Update

Returns a boolean which allows or denies the ability to update a field's value. If `false` is returned, any passed values will be discarded.

If `false` is returned and you attempt to update the field's value, the operation will **not** throw an error however the field will be omitted from the update operation and the value will remain unchanged.

**Available argument properties:**

| Option            | Description                                                                |
| ----------------- | -------------------------------------------------------------------------- |
| **`req`**         | The [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) object containing the currently authenticated `user` |
| **`id`**          | `id` of the document being updated                                         |
| **`data`**        | The full data passed to update the document.                               |
| **`siblingData`** | Immediately adjacent field data passed to update the document with.        |
| **`doc`**         | The full document data, before the update is applied.                      |
